callgraph

package

v0.0.0-...-fee3e51 Latest Latest Go to latest Published: Nov 16, 2025 License: AGPL-3.0 Imports: 8 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/shivasurya/code-pathfinder

Links

Open Source Insights

Documentation ¶

Overview ¶

Package callgraph provides static call graph analysis for Python code.

This package is organized into several sub-packages for better modularity:

Core Types ¶

The core package contains fundamental data structures:

import "github.com/shivasurya/code-pathfinder/sourcecode-parser/graph/callgraph/core"

cg := core.NewCallGraph()
cg.AddEdge("main.foo", "main.bar")

Registry ¶

The registry package manages module, builtin, and stdlib registries:

import "github.com/shivasurya/code-pathfinder/sourcecode-parser/graph/callgraph/registry"

moduleRegistry := registry.BuildModuleRegistry("/path/to/project")
builtins := registry.NewBuiltinRegistry()

Resolution ¶

The resolution package handles import, type, and call resolution:

import "github.com/shivasurya/code-pathfinder/sourcecode-parser/graph/callgraph/resolution"

engine := resolution.NewTypeInferenceEngine(moduleRegistry)
typeInfo := engine.InferType(expr, scope)

Extraction ¶

The extraction package extracts code elements from AST:

import "github.com/shivasurya/code-pathfinder/sourcecode-parser/graph/callgraph/extraction"

statements := extraction.ExtractStatements(sourceCode, functionName)

Patterns ¶

The patterns package detects security and framework patterns:

import "github.com/shivasurya/code-pathfinder/sourcecode-parser/graph/callgraph/patterns"

registry := patterns.NewPatternRegistry()
matched := patterns.MatchPattern(pattern, funcFQN, statements)

Analysis ¶

The analysis package provides taint analysis:

import "github.com/shivasurya/code-pathfinder/sourcecode-parser/graph/callgraph/analysis/taint"

summary := taint.AnalyzeIntraProceduralTaint(funcFQN, statements, ...)

CFG ¶

The cfg package provides control flow graph construction:

import "github.com/shivasurya/code-pathfinder/sourcecode-parser/graph/callgraph/cfg"

controlFlow := cfg.BuildCFG(statements)

Builder ¶

The builder package orchestrates call graph construction:

import "github.com/shivasurya/code-pathfinder/sourcecode-parser/graph/callgraph/builder"

callGraph, err := builder.BuildCallGraphFromPath(codeGraph, "/path/to/project")

Quick Start ¶

To build a call graph for a Python project:

import (
    "github.com/shivasurya/code-pathfinder/sourcecode-parser/graph"
    "github.com/shivasurya/code-pathfinder/sourcecode-parser/graph/callgraph"
)

// Parse project
codeGraph := graph.Initialize(projectPath)

// Build call graph with all features
callGraph, moduleRegistry, patternRegistry, err := callgraph.InitializeCallGraph(codeGraph, projectPath)
if err != nil {
    log.Fatal(err)
}

// Analyze for security patterns
matches := callgraph.AnalyzePatterns(callGraph, patternRegistry)

Index ¶

func InitializeCallGraph(codeGraph *graph.CodeGraph, projectPath string) (*core.CallGraph, *core.ModuleRegistry, *patterns.PatternRegistry, error)
type SecurityMatch
- func AnalyzePatterns(callGraph *core.CallGraph, patternRegistry *patterns.PatternRegistry) []SecurityMatch

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func InitializeCallGraph ¶

func InitializeCallGraph(codeGraph *graph.CodeGraph, projectPath string) (*core.CallGraph, *core.ModuleRegistry, *patterns.PatternRegistry, error)

InitializeCallGraph builds a complete call graph with all analysis components. It returns the call graph, module registry, pattern registry, and any error.

This is a convenience function that orchestrates:

Module registry building
Call graph construction
Pattern registry initialization

Parameters:

codeGraph: the parsed code graph from graph.Initialize()
projectPath: absolute path to project root

Returns:

CallGraph: complete call graph with edges and call sites
ModuleRegistry: module path mappings
PatternRegistry: security patterns for analysis
error: if any step fails

Types ¶

type SecurityMatch ¶

type SecurityMatch struct {
	Severity     string   // "critical", "high", "medium", "low"
	PatternName  string   // Name of the security pattern
	Description  string   // Description of the vulnerability
	CWE          string   // CWE ID (e.g., "CWE-89")
	OWASP        string   // OWASP category (e.g., "A03:2021")
	SourceFQN    string   // Fully qualified name of source function
	SourceCall   string   // The source call name
	SourceFile   string   // Source file path
	SourceLine   uint32   // Source line number
	SourceCode   string   // Source code snippet
	SinkFQN      string   // Fully qualified name of sink function
	SinkCall     string   // The sink call name
	SinkFile     string   // Sink file path
	SinkLine     uint32   // Sink line number
	SinkCode     string   // Sink code snippet
	DataFlowPath []string // Path from source to sink
}

SecurityMatch represents a detected security vulnerability.

func AnalyzePatterns ¶

func AnalyzePatterns(callGraph *core.CallGraph, patternRegistry *patterns.PatternRegistry) []SecurityMatch

AnalyzePatterns detects security vulnerabilities using the pattern registry. It analyzes the call graph against all loaded security patterns.

Parameters:

callGraph: the call graph to analyze
patternRegistry: security patterns to check

Returns:

[]SecurityMatch: list of detected security issues

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
analysis
taint Package taint provides intra-procedural taint analysis for detecting data flow from sources to sinks.	Package taint provides intra-procedural taint analysis for detecting data flow from sources to sinks.
builder Package builder provides call graph construction orchestration.	Package builder provides call graph construction orchestration.
cfg Package cfg provides control flow graph (CFG) construction and analysis.	Package cfg provides control flow graph (CFG) construction and analysis.
core Package core provides foundational type definitions for the callgraph analyzer.	Package core provides foundational type definitions for the callgraph analyzer.
extraction Package extraction provides AST-based code extraction utilities for Python source code.	Package extraction provides AST-based code extraction utilities for Python source code.
patterns Package patterns provides security and framework pattern detection.	Package patterns provides security and framework pattern detection.
registry Package registry provides module, type, and attribute registry functionality for Python code analysis.	Package registry provides module, type, and attribute registry functionality for Python code analysis.
resolution Package resolution provides type information structures for type resolution and inference.	Package resolution provides type information structures for type resolution and inference.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL